Charities Are Vulnerable To Severe Cyber Attacks

The UK’s charities could be at risk from a series of devastating cyber-attacks, intelligence officials from the National Cyber Security Centre have warned.

Around 200,000 charities are registered in the UK, and each one holds vast amounts of personal data and payment information on those who support it. This in turn makes them a huge target for the next wave of cyber-crime, and a breach could potentially mean breaking the coming GDPR law.

In one case a charity lost £13,000 after its chief executive’s email was hacked. In a new report, experts at the centre, which is part of intelligence agency GCHQ, said charities are falling victim to a range of malicious activity, although the scale is unclear because of under-reporting.

The report said: “The NCSC believe there is considerable variation in charities’ understanding, approach to and application of cyber security.” Some charities are aware their data is sensitive, valuable and vulnerable to malicious cyber activity. Fraud aimed at tricking employees with financial authority into transferring money is increasing, according to the report.

It highlighted one episode in which a charity lost £13,000 after the email of its CEO was hacked and a fraudulent message sent to its financial manager with instructions to release the funds.

Datasets containing personal details and financial information are an attractive target for criminals, the study noted. It said:

“Charity datasets may contain personally identifiable information of donors, trustees, patrons, partners, paid staff and volunteers.

“Some large charities hold several million donor records. The data may also include payment details relating to donations including card details.”

While cyber criminals are assessed as posing the greatest threat to the sector, charities are also seen as potentially attractive targets for nation states who “oppose or mistrust their activity”.

Alongside the threat assessment, the NCSC has published a guide outlining steps charities should follow to guard against attacks. They include advice on passwords, backing up data and protecting systems from malware.

NCSC director for engagement Alison Whitney said: “Cyber-attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.

“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets and reputation.”

Helen Stephenson, chief executive of the Charity Commission for England and Wales, said: “Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber-crime for criminal purposes or personal gain is particularly damaging and shocking.

“The threat assessment confirms what we often see in our casework; unfortunately, charities are not immune to fraud and cybercrime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.”

Huffington Post:     Image: Nick Youngson 
